Active Directory Security Trimming Stage

An Active Directory Security Trimming query pipeline stage retrieves an Active Directory user's security identifiers to build a security filter. This restricts the documents in the query result to those the user has permission to access. Security trimming is commonly used in business to distinguish between administrative users and normal users, or to limit the site access of website users according to a login/password.

Configuration

Tip

When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.

When using Fusion's REST API, the type for this stage is: active-directory-security-trimming.

A list of Fusion datasources to which security-trimming should be restricted, allowing content from other datasources to pass through un-filtered; if empty, all matching content is subject to filtering.

type: array of string

enableCache

Enable Cache

type: boolean

default value: 'true'

expirationTime

Cache Expiration Time

(in seconds)

type: integer

default value: '3600'

filterAttribute

Filter Attribute

Active Directory attribute to use as the security-trimming filter criterion

type: string

enum: {
objectSid
sAMAccountName
userPrincipalName
}

overrideUserIdentityHandling

Override Default User Identity Handling?

Default handling first attempts to take the user identity from a 'fusion-user-id' HTTP header, which carries the logged-in user ID from the Fusion proxy service. If that value is empty, a 'username' query parameter is tried instead. When this DataSource property is enabled, the specified source and key properties are used explicitly, without any fallback behavior.

type: boolean

default value: 'false'
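
The lookup order described above, modelled in Python together with a check of the constraints this reference lists (stage type, server format, enum values), so that it is visible which request field supplies the identity under each setting. This is an added example, not Fusion code; the `header`/`query` values for `userIdentitySource`, the full-string match on the server format, and the sample hostname are assumptions.

```python
import re

# Constraints copied from the property reference on this page.
SERVER_FORMAT = re.compile(r"ldap://[^:]+(:\d+)?")
ENUMS = {"filterAttribute": {"objectSid", "sAMAccountName", "userPrincipalName"},
         "referral": {"follow", "ignore", "throw"}}
DEFAULTS = {"enableCache": True, "expirationTime": 3600,
            "overrideUserIdentityHandling": False, "userIdentityKey": "username"}

def validate_stage(config):
    """Return a list of problems in a stage config dict (empty list means OK)."""
    problems = []
    if config.get("type") != "active-directory-security-trimming":
        problems.append("type must be active-directory-security-trimming")
    server = config.get("server")
    # Assumption: the documented format applies to the whole string.
    if not isinstance(server, str) or not SERVER_FORMAT.fullmatch(server):
        problems.append("server is required, e.g. ldap://hostname:port")
    for key, allowed in ENUMS.items():
        if key in config and config[key] not in allowed:
            problems.append(f"{key} must be one of {sorted(allowed)}")
    exp = config.get("expirationTime", DEFAULTS["expirationTime"])
    if isinstance(exp, bool) or not isinstance(exp, int):
        problems.append("expirationTime must be an integer number of seconds")
    return problems

def resolve_user(config, headers, params):
    """Model of the documented lookup; returns (user_id, origin)."""
    cfg = {**DEFAULTS, **config}
    if cfg["overrideUserIdentityHandling"]:
        # Explicit source and key, no fallback ("header"/"query" are assumed values).
        source = headers if cfg.get("userIdentitySource") == "header" else params
        return source.get(cfg["userIdentityKey"]) or None, "override"
    if headers.get("fusion-user-id"):       # set by the Fusion proxy service
        return headers["fusion-user-id"], "fusion-user-id header"
    if params.get("username"):              # fallback when the header is empty
        return params["username"], "username query parameter"
    return None, "none"

# Constructed sample config; the hostname is a placeholder.
SAMPLE = {"type": "active-directory-security-trimming",
          "server": "ldap://ad.example.test:389",
          "filterAttribute": "objectSid", "referral": "follow"}

if __name__ == "__main__":
    print(validate_stage(SAMPLE))
    print(resolve_user(SAMPLE, {"fusion-user-id": "alice"}, {"username": "bob"}))
    print(resolve_user(SAMPLE, {}, {"username": "bob"}))
```

The second element of the result names where the identity came from, which separates a proxy-supplied user ID from one taken from the request's own `username` parameter.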

referral

AD referral

The method for processing referrals encountered by the service provider

type: string

enum: {
follow
ignore
throw
}

server

Active Directory Url

required

E.g. ldap://hostname:port

type: string

format: ldap://[^:]+(:\d+)?

userIdentityKey

User ID key

e.g. username, userID, etc.

type: string

default value: 'username'

userIdentitySource

User ID source

Specify whether the value comes from an HTTP header or a query parameter.